CVE-2026-48683

NameCVE-2026-48683
DescriptionFastNetMon Community Edition through 1.2.9 contains an out-of-bounds read vulnerability in the NetFlow v9 data flowset processor. In src/netflow_plugin/netflow_v9_collector.cpp, the Data template branch (lines 1695-1702) iterates over flow records without performing a per-iteration bounds check against the packet end pointer. In contrast, the Options template branch (lines 1709-1719) correctly checks 'if (pkt + offset + field_template->total_length > packet_end)' before each iteration. The Data branch omits this check entirely. Since template definitions are sent by the network peer (and are unauthenticated UDP), an attacker can craft templates that cause the parser to read arbitrary memory past the packet buffer. This can leak sensitive memory contents or cause a crash.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1138646

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
fastnetmon (PTS)bookworm, bookworm (security)1.2.4-2+deb12u1vulnerable
trixie1.2.8-1vulnerable
forky, sid1.2.9-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
fastnetmonsource(unstable)1.2.9-1unimportant1138646

Notes

https://lorikeetsecurity.com/blog/fastnetmon-cve-2026-48683-netflow-v9-data-oob
Not a vulnerability by itself, controlling access is the responsibility of the deployment
https://github.com/pavel-odintsov/fastnetmon/commit/aa1069abaa8624e50b5d0c6c8ccd0f5d9ddc111e (v1.2.9)
https://github.com/pavel-odintsov/fastnetmon/pull/1057
Search for package or bug name: Reporting problems